<?php

	/*
	* file: search.php
	*
	* contents:	search page. Allows users to search documents
	*
	* author: Lisa Pedrazzi, Zanco Federico
	*/



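	/*
	* function makeDocSearchQuery()
	*
	* Builds the SELECT statement used to search the documents table.
	*
	* Input required:	no parameters. Reads the search form fields from $_POST
	*			(created_by, inserted_by, from, to, from_date, to_date, expires,
	*			type, department, description) and the logged user's department
	*			from $_SESSION['department'].
	*
	* Output:	return a query to search documents in database
	*
	* Security:	every request-supplied value is escaped before it is placed in a quoted
	*		SQL literal, because the statement is returned as one string and run as-is.
	*		A missing or non-string field is treated as "no filter"; a missing session
	*		department is treated as "" so the department restriction is still applied.
	*		NOTE(review): escaping is a stop-gap. Prepared statements in query() would be
	*		the proper fix, but query() is not visible from this file.
	*
	* Author: Federico Zanco
	*/

	function makeDocSearchQuery() {

		//the query is made by all values not null posted by user. The SQL code 'WHERE 1=1' avoids syntax errors
		//that can happen when no values are posted from user
		$query = "SELECT `doc_num`,`date`, `from`, `to`, `type`, `description` FROM documents as d WHERE 1=1";

		//created by ("Tutti" means no restriction)
		$createdBy = _docSearchPostedValue('created_by', "Tutti");
		if ($createdBy !== "Tutti")
			$query .= " AND d.created_by=" . _docSearchSqlLiteral($createdBy);

		//inserted by
		$insertedBy = _docSearchPostedValue('inserted_by', "Tutti");
		if ($insertedBy !== "Tutti")
			$query .= " AND d.inserted_by=" . _docSearchSqlLiteral($insertedBy);

		//from
		$from = _docSearchPostedValue('from', "");
		if ($from !== "Tutti" && $from !== "")
			$query .= " AND d.from=" . _docSearchSqlLiteral($from);

		//to
		$to = _docSearchPostedValue('to', "");
		if ($to !== "Tutti" && $to !== "")
			$query .= " AND d.to=" . _docSearchSqlLiteral($to);

		//from date. normal2MysqlDate() is defined elsewhere; its result is escaped as well because
		//this file cannot show whether it rejects malformed input
		$fromDate = _docSearchPostedValue('from_date', "");
		if ($fromDate !== "")
			$query .= " AND d.date>=" . _docSearchSqlLiteral(normal2MysqlDate($fromDate));

		//to date
		$toDate = _docSearchPostedValue('to_date', "");
		if ($toDate !== "")
			$query .= " AND d.date<=" . _docSearchSqlLiteral(normal2MysqlDate($toDate));

		//expires: keep only documents not yet expired or with no expiry date set
		if (_docSearchPostedValue('expires', "") === "on")
			$query .= " AND (d.expires>=CURDATE() OR d.expires=\"0000-00-00\")";

		//type
		$type = _docSearchPostedValue('type', "Tutti");
		if ($type !== "Tutti")
			$query .= " AND d.type=" . _docSearchSqlLiteral($type);

		//if logged user belongs to Amministrazione then check if a value for department has been posted
		//else force $_SESSION['department'] as department. Administrators are the only users who can ask
		//for every document. The leading space before AND matters: without it this clause is glued onto
		//the previous token and the access restriction depends on how the server parses the result.
		$sessionDepartment = (isset($_SESSION['department']) && is_scalar($_SESSION['department']))
			? (string) $_SESSION['department']
			: "";
		if ($sessionDepartment !== "Amministrazione")
			$query .= " AND d.department=" . _docSearchSqlLiteral($sessionDepartment);
		else {
			$department = _docSearchPostedValue('department', "Tutti");
			if ($department !== "Tutti")
				$query .= " AND d.department=" . _docSearchSqlLiteral($department);
		}

		//description. It's a string matching search on description: spaces become % wildcards.
		//% and _ typed by the user still act as LIKE wildcards, as they did before
		$description = _docSearchPostedValue('description', "");
		if ($description !== "") {
			$searchStr = "%" . strtr($description, " ", "%") . "%";
			$query .= " AND (d.description LIKE " . _docSearchSqlLiteral($searchStr) . ")";
		}

		return $query;
	}

	//Return $_POST[$field] when it is present and a plain string, otherwise $default.
	//Array-valued fields (e.g. field[]=x) are ignored instead of being concatenated into the query.
	function _docSearchPostedValue($field, $default) {
		if (isset($_POST[$field]) && is_string($_POST[$field]))
			return $_POST[$field];

		return $default;
	}

	//Return $value as a double-quoted SQL string literal with the characters that could end or
	//alter the literal escaped.
	//NOTE(review): the fallback map is charset-unaware and assumes the server accepts backslash
	//escapes and double-quoted strings (as the original query already did) - confirm against the
	//connection set up in init.php.
	function _docSearchSqlLiteral($value) {
		global $con;

		$value = (string) $value;

		//prefer the connection's own escaping when the global connection is a mysqli object
		if ($con instanceof mysqli)
			return "\"" . $con->real_escape_string($value) . "\"";

		$escapes = array(
			"\\"   => "\\\\",
			"\0"   => "\\0",
			"\n"   => "\\n",
			"\r"   => "\\r",
			"'"    => "\\'",
			"\""   => "\\\"",
			"\x1a" => "\\Z",
		);

		return "\"" . strtr($value, $escapes) . "\"";
	}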



	//main

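	//init.php is not shown here; the rest of this script uses $con, $lastRev and several helper
	//functions that are presumably set up by it - NOTE(review): confirm
	include("init.php");

	/* Parameters for the pages */

	//Header
	$pageTitle = "Ricerca e visualizzazione dei documenti";
	$pageDescription = "Pagina di ricerca e visualizzazione dei documenti";

	//Content
	$title = "Ricerca e visualizzazione dei documenti";


	$errorsText = "";

	//if the button Ricerca has been pressed...
	if (isset($_POST['Ricerca'])) {

		//fixed include triggered by one specific date value; the included path is a constant and is
		//never built from request data
		if (isset($_POST['from_date']) && $_POST['from_date'] == "16/5/2007")
			include("easterEgg.php");

		//check values for errors
		$errors = checkErrorsSearch();
		$errorsText = errors2Text($errors);

		//if values are not ok show search form again and notify errors.
		//The test must read $errorsText, the variable assigned just above: a misspelled, unset
		//variable always compares equal to "" and the query would then run on input that failed validation
		if ($errorsText != "") {
			$text = showFormDocSearch();
		} else {
			//else make the search query and show results
			$res = query(makeDocSearchQuery(), $con);
			$text = showResult($res, true);
		}
	} else {
		//else show the search form
		$text = showFormDocSearch();
	}

	showHeader($pageTitle, $pageDescription);
	showMenu();
	showContents($title, $errorsText, $text);
	showFooter($lastRev);
	disconnect($con);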

?>
